IBM Makes NFC Based 2-Factor Security for Mobile Transactions

IBM scientists have developed a new mobile authentication security technology based on the radio standard known as NFC. The technology provides an extra layer of security when using an NFC-enabled device and a contactless smartcard to conduct mobile transactions, including online banking and digital signatures when accessing a corporate Intranet or private cloud.

According to a recent report by ABI Research, the number of NFC devices in use will exceed 500 million in 2014. This statistic and the fact that 1 billion mobile phone users will use their devices for banking purposes by 2017* make for an increasingly opportune target for hackers.

To address these challenges, IBM scientists in Zurich, also known for inventing an operating system used to power and secure hundreds of millions of smartcards, have developed an additional layer, a so-called two-factor authentication, for securing mobile transactions.

Today many consumers use two-factor authentication from a computer, for example, when they are asked for both a password and a verification code sent by short message service (SMS). IBM scientists are applying the same concept using a personal identification number (PIN) and a contactless smartcard. The contactless smartcard could be a bank-issued ATM card or an employer-issued identity badge.

“Our two-factor authentication technology based on the Advanced Encryption Standard provides a robust security solution with no learning curve,” said Diego Ortiz-Yepes, a mobile security scientist at IBM Research.

How it works

The user simply holds the contactless smartcard next to the NFC reader of the mobile device and after keying in their PIN, a one-time code would be generated by the card and sent to the server by the mobile device.

The IBM technology is based on end-to-end encryption between the smartcard and the server using the National Institute of Standards Technology (NIST) AES (Advanced Encryption Standard) scheme. Current technologies on the market require users to carry an additional device, such as a random password generator, which is less convenient and in some instances less secure.

The technology, which is available today for any NFC-enabled Android 4.0 device, is based on IBM Worklight, a mobile application platform that is part of the IBM MobileFirst portfolio. Future updates will include additional NFC-enabled devices based on market trends.

A new IBM Institute for Business Value study on the “Upwardly Mobile” Enterprise confirms that organizations recognize the importance of making sure their mobile capabilities are secure. According to the report, security was the second most-cited challenge facing organizations.”